How Does Phishing Work? Learn to Identify Dodgy Emails


The practice of phishing is essentially a criminal act which involves attempts to acquire sensitive information such as usernames, passwords, bank and credit card details by posing as a trusted company in an email or message. The criminals set up fraudulent fronts pretending to be legitimate websites or organizations and try to con people into handing over information they can use to steal money.

How Does Phishing Work?

There are various approaches adopted by criminals when trying to steal your personal information. The most common is to send you an email which appears to come from your bank or a website such as eBay or PayPal where you might have cash stored and credit card details. Perhaps the best way to explain how phishing works is to give an example.

You receive an email in your inbox which appears to come from PayPal. It uses the PayPal graphic as a header. The email informs you that your account may be suspended unless you log in and update your credit card details. There is a link in the email which directs you to a site which appears to be PayPal but is in fact a fake. If you log in and enter your credit card details into this fake site, then the criminals obtain your username and password for PayPal and your credit card information. They then use the information to steal your money.

Other Phishing Scams

Phishing is sadly quite a successful practice and many people are fooled into handing over sensitive information. As the practice has become more common, the techniques used to con you out of your cash have become more complex and clever. The simplest form involves sending you an instant message or email which asks for personal details. No organization will ask you for sensitive information in this way, so do not respond to any such request.

Phishing scams can be lent legitimacy when the criminal finds out some information about you first, such as your name. An email or message which doesn’t address you by name is obviously a fake, but even when they do know your name this doesn’t mean they are who they say they are. It is quite easy to get information about people online and attach a name to an email address.

A practice which is becoming more common is for criminals to use the account of someone you know in order to try and con cash out of you. The idea is that if you receive an email or instant message which appears to come from a friend or family member, then you might be more tempted to hand over cash. If you receive an email or instant message which appears to come from someone you know and asks for cash, double check with the person in question. A quick phone call or even a question which only they would be able to answer can save you a lot of money and hassle and reveal a scam.

Identifying Phishing Attempts

There are lots of giveaways that an email or message you have received is in fact a phishing scam. Look out for the following:

  • You are not addressed by name.
  • The email address of the sender is hidden.
  • The recipient field doesn’t contain your email address.
  • There are spelling mistakes in the message.
  • The email is badly formatted.
  • The email or message insists that an instant response is required.
  • The email contains a form to fill out.
  • The email contains a link which you are asked to follow.
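
Several of these giveaways can be checked automatically. The following is an added example, not part of the original article: it parses a constructed sample message and reports which items from the list apply. It also goes one step beyond the list by flagging a link whose visible text names one site while the address behind it points to another, as in the PayPal example earlier. The function name, the sample message and the `.example` domains are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr
from urllib.parse import urlparse

# Constructed sample message (not a real email); the .example domains are placeholders.
SAMPLE = """\
From: "PayPal" <service@paypa1-support.example>
To: customers@lists.example
Subject: Your account may be suspended
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Dear customer,</p>
<p>Your account will be suspended unless you respond immediately.</p>
<p><a href="http://login.paypa1-support.example/update">https://www.paypal.com/signin</a></p>
<form action="http://login.paypa1-support.example/submit"><input name="card"></form>
</body></html>
"""

URGENT = re.compile(r"\b(immediately|urgent|within 24 hours|suspended)\b", re.I)
LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def host(url):
    return (urlparse(url.strip()).hostname or "").lower()

def phishing_indicators(raw, my_address, my_name):
    """Return the giveaways from the checklist that apply to one raw message."""
    msg = message_from_string(raw)
    body = msg.get_payload()  # assumes a single-part message, like the sample
    found = []
    if not parseaddr(msg.get("From", ""))[1]:
        found.append("sender address is hidden")
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    if my_address.lower() not in {addr.lower() for _, addr in getaddresses(headers)}:
        found.append("recipient field does not contain your address")
    if my_name.lower() not in body.lower():
        found.append("not addressed by name")
    if URGENT.search(body):
        found.append("insists on an instant response")
    if re.search(r"<form\b", body, re.I):
        found.append("contains a form")
    for href, text in LINK.findall(body):
        found.append("contains a link to follow")
        shown = host(text) if "://" in text else ""
        if shown and shown != host(href):  # visible text names a different site
            found.append(f"link text shows {shown} but points to {host(href)}")
    return found

if __name__ == "__main__":
    for item in phishing_indicators(SAMPLE, "jordan@mail.example", "Jordan"):
        print("-", item)
```

A message that triggers none of these checks is not proven safe; the list covers common giveaways only.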

There are various ways to guard against phishing. For more on the subject, check out Phishing Scams, and for a game that trains you to spot phishing, check out Anti-Phishing Phil.


  • Author’s own knowledge.